[dns-operations] DNS-based site blocking in the UK
Jim Reid
jim at rfc1035.com
Tue Aug 9 15:39:23 UTC 2011

On 9 Aug 2011, at 15:48, Wes Hardaker wrote:

> In a world where the government will always have a say in the last hop,
> it's probably not possible to stop them from affecting the last hop.
> The best that can be done is to make disturbing the last hop difficult:
> allow the clients to resolve things themselves, but that won't prevent
> future legislation from requiring all ISPs to block outgoing traffic to
> port 53 so that all ISPs can serve properly-poisoned (TM) records.

Wes, I fear you've over-reacted. Yes, governments could pass laws to
affect port 53 traffic. I doubt they are that stupid. [Though seeing
the sorts of silliness coming out of legislators all over the world,
there are valid grounds to debate that.] There will (or should be) a
recognition that any legislation shouldn't mention specific
countermeasures because the bad guys will just route around them
faster than the law could be updated.

My understanding of the UK situation is that parliament wants to
curtail copyright violation. How that gets done is implementation
detail for the experts to sort out. A solution which was disruptive
and destabilising to the DNS is unlikely to get serious attention,
especially when there are other, less intrusive ways of blocking
illegal downloads: address-based blacklisting, traffic shaping, etc.
The Ofcom report pretty much says this, though the language is more
subtle than what I've just typed.

> It's a slippery slope to painful places.

Welcome to The Real World (tm). :-)